Home > Security Alerts > Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE

Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE

May 8, 2026 Friday

CVE-2026-23918 (CVSS score: 8.8), has been described as a case of “double free and possible RCE” in the HTTP/2 protocol handling. This issue has been addressed in version 2.4.67.

Latest News

Invitation to Complete the ITS Survey 2025–2026

Notice on Bulk Email Delivery

Release of DeepSeek-V4-Flash and DeepSeek-V4-Pro on HKU ChatGPT and HKU ITS Developer Portal

Facial Identity Access Expansion and New HKU App Registration (For HKU Students)

HKU App is now available on the Huawei AppGallery!

Popular Services:

uPrint
Study Rooms in Learning Commons
Software Download
HKU Virtual Private Network (HKUVPN)
Application

Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE

About Information Technology Services,
The University of Hong Kong

Alerts

Service Request & Support

Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE

About Information Technology Services, The University of Hong Kong

Alerts

Service Request & Support

About Information Technology Services,
The University of Hong Kong